Hacked in the Web

According to a new report, if you are on the Web at all–and who among us is not, at least some of the time–you are not safe from hackers, phishers, and spammers, oh my!  According to The Norton Cybercrime Report: The Human Impact of 7,000 Web users, 65% of all users globally, and 73% of U. S. users have been hacked in some sort of cybercrime.  Of course, most of them are thoroughly hacked off.   Globally, the U. S. ranks very high at 73% but in this case we’re not first in line.   China wins Number One with 83% of its users hacked, as well as hacked off, too.  While security and privacy issues have always been an issue of Web use, this still seems shockingly high.  I hope another, independent report (one unattached to a security software company) will emerge to confirm these finding.  In any event, these are figures to give one pause. 

While there are things one can do to prevent privacy loss and idntity theft, the New York Times reminds us recently that even strong passwords, changing them, garbling them with letters and numbers, and so on, are not certain safeguards.  It would appear that the cybergeeks, such as Scott McNealy and Mark Zuckerberg,  are right after all.  We all have no privacy anymore: it’s dead, so get over it.

What gets us most easily in these cyberattacks is one of those viruses that records keystrokes (a keyloger).  Norton tells us–and this comes as no surprise–that in order to prevent such things you must have antivirus software and a security system (naturally theirs is the best) in place.   Of course, the other alternative is signing off altogether.  Having a very good security system is critically important.  But the trouble even with such systems is that cybercriminals never sleep.  And they have as much to gain as you do to lose by outsmarting your security system, whatever it is.  The blame comes in two parts: our own stupidity and the nature of the free and open Web.

First, our own stupidity.  We all–yes, even we brilliant academics–do really stupid online tricks.  We reply, open, or follow emails from individuals we do not know.  Some of us click on emails that tell us our email address is worth millions.  Still others of us have passwords so simple even a caveman (my apologies to Neanderthals everywhere) could guess.  Others of us still send passwords and security information in response to authentic-seeming inquiries.  We shop online, and PayPal and Amazon–two favorite such places– appear to be the worst for allowing weak passwords and security loopholes.  If all of this were not enough, social networks now outrank email for scams, phishing expeditions, spamming–the kind you really cannot eat even if you wanted to–and  the all the rest that lead to cybertheft. 

Facebook, in particular, has been the most egregious in allowing security breaches.  With now more than a half billion people using it, perhaps the above-quoted cybertheft figures seem low upon reflection.  Facebook, and its founder Mark Zuckerberg, are allergic to privacy.  To see just to what extent, view the erosion of privacy on Facebook here.   For an accompanying explanation about that loss and how it occurred, see here.  In order to protect your privacy in at least some manner on Facebook, you have to follow these steps, meaning, of course, that privacy is neither protected nor honored on the social networking giant.  Only a few days ago, Facebook changed the way you confirm friends from “ignore” to “not now.”  According to some experts, this “not now” is a de facto follow way of making everyone apart of your Facebook who makes a request (to fully block a peson, it’s now a two-step process).  And it isn’t just Facebook.  Twitter, MySpace and other social networks all have varying degrees of privacy problems.  Google’s  Buzz, you may recall, was pulled after only a couple of months because privacy had been handled so cavalierly.

Part two of the blame is the free and open Web.  In addition to our less than brilliant mistakes, at least half the blame goes to the Web itself.  Web security came about almost as an afterthought.  Even today, those twentysomethings creating the next latest and greatest website or social network really aren’t thinking about security as a first or even second consideration.  I’ve shared this story before, but at the risk of repetition, I’ll share it again.  

In the fall of 2009, I had the pleasure of visiting one of the giants of technology innovation at one the nation’s finest institutions.  I, along with some others, went  to see what new Web “toys” were coming down the proverbial pipeline, or in this case, the fiber optic line.  All of the presenters in the room could have been my children except that my children are ten years older than most of the presenters. One of them simply looked just a few years too old to be one of my grandchildren!  In any event, they demonstrated a lot of “nifty” tools and “wow” factor inventions that we’ll all see one day, or at least some part of their technology in the near future.  One tool, in particular, a brooch or lapel pin, caught my eye especially, both because of what it did, and because of the young woman’s enthusiasm about it.

“Never again will you forget a name or a face,” she said with delight.  “When you walk up to people, you’ll instantly see his or her name, age, marital status, company, number of children, and even the last vacation destination.”  Ostensibly, the pin you wear “broadcasts” onto the person you see, his or her “Web fingerprint,” information you can see but the person wearing it cannot.  Of course, if that person is also wearing one, then you, too, will be “revealed.”

Our group consisted mainly of fiftysomethings and to a person we were horrified.  She assured us that no “really private information” would be shared.  Besides, most of what was being revealed was “on the Web anyway.”  When we tried to point out that this had serious privacy repercussions, her reply astonished all of us.

“Questions like that, philosophy, ethics, that sort of thing are really discussed in another department.”

And that is why security and privacy issues, at least for those of us old enough to remember the sixties, will never really be treated with anything other than contempt in our brave new world.  I don’t mean to sound petulant, or like a grumbling, old curmudgeon (which, of course, I am and do sound like).  I also realize that all this privacy talk is but a factor of my age.  This is just the state of our online affairs; and if you want to be online, forearmed is forewarned when it comes to privacy.  Even the courts now tell us that you have no right to an expectation of privacy when you go online.  Those working in this industry do not understand privacy issues, and many think it much ado about nothing.  The farther down the information superhighway we go, the more often we’ll see little bits (and bytes) of personal privacy roadkill along the way.

 So, seriously, what should we do?  All sign off?  Perhaps.  But before you do, keep your security up-to-date when at home, don’t surf to places where information is asked without knowing what the security is, and never, never, never give out information to anyone whom you do not know personally–and even then, call them just to be sure.   If you must order online, doso but not before you check the security certificate to see if it measures up, or ask someone who would know. I wish I could be more optimistic and give easy-to-follow steps, but none exist (beyond signing off) that I can think of. 

Allow the moral of this story to be simply this:  if you don’t want to be a victim of cybertheft or have your personal information in the hands of those who can harm you, don’t put it online … ever.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s